TechNaduMustang Panda (Hive0154) rolled out SnakeDisk (USB worm) + Toneshell9/Yokai backdoor to target air-gapped networks (geo-targeted to Thailand). Indicators: hidden SYSTEM/HIDDEN dirs on USB, robocopy/SHFileOperation usage, payloads reconstructed in C:\Users\Public\, scheduled tasks for persistence. Immediate mitigations: enforce approved read-only media, disable autorun, monitor WM_DEVICECHANGE/IOCTL, block DLL sideloading, and scan media in isolated sandboxes.
Follow @technadu for IOCs & response playbooks.
#MustangPanda #USBWorm #AirGapSecurity #ThreatIntel #EDR #IR #InfoSec #Malware
PrivacyDigest
Poetry News
ITSEC News